From: Greg Kroah-Hartman Date: Fri, 7 Feb 2020 10:19:55 +0000 (+0100) Subject: 5.5-stable patches X-Git-Tag: v4.19.103~100 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a8875d14bb3526e955765401f7990329260eb232;p=thirdparty%2Fkernel%2Fstable-queue.git 5.5-stable patches added patches: f2fs-code-cleanup-for-f2fs_statfs_project.patch f2fs-fix-dcache-lookup-of-casefolded-directories.patch f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch ovl-fix-lseek-overflow-on-32bit.patch ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch --- diff --git a/queue-5.5/f2fs-code-cleanup-for-f2fs_statfs_project.patch b/queue-5.5/f2fs-code-cleanup-for-f2fs_statfs_project.patch new file mode 100644 index 00000000000..fb0a36ae2d2 --- /dev/null +++ b/queue-5.5/f2fs-code-cleanup-for-f2fs_statfs_project.patch @@ -0,0 +1,53 @@ +From bf2cbd3c57159c2b639ee8797b52ab5af180bf83 Mon Sep 17 00:00:00 2001 +From: Chengguang Xu +Date: Sat, 4 Jan 2020 22:20:04 +0800 +Subject: f2fs: code cleanup for f2fs_statfs_project() + +From: Chengguang Xu + +commit bf2cbd3c57159c2b639ee8797b52ab5af180bf83 upstream. + +Calling min_not_zero() to simplify complicated prjquota +limit comparison in f2fs_statfs_project(). + +Signed-off-by: Chengguang Xu +Reviewed-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Greg Kroah-Hartman + +--- + fs/f2fs/super.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -1213,12 +1213,8 @@ static int f2fs_statfs_project(struct su + return PTR_ERR(dquot); + spin_lock(&dquot->dq_dqb_lock); + +- limit = 0; +- if (dquot->dq_dqb.dqb_bsoftlimit) +- limit = dquot->dq_dqb.dqb_bsoftlimit; +- if (dquot->dq_dqb.dqb_bhardlimit && +- (!limit || dquot->dq_dqb.dqb_bhardlimit < limit)) +- limit = dquot->dq_dqb.dqb_bhardlimit; ++ limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, ++ dquot->dq_dqb.dqb_bhardlimit); + if (limit) + limit >>= sb->s_blocksize_bits; + +@@ -1230,12 +1226,8 @@ static int f2fs_statfs_project(struct su + (buf->f_blocks - curblock) : 0; + } + +- limit = 0; +- if (dquot->dq_dqb.dqb_isoftlimit) +- limit = dquot->dq_dqb.dqb_isoftlimit; +- if (dquot->dq_dqb.dqb_ihardlimit && +- (!limit || dquot->dq_dqb.dqb_ihardlimit < limit)) +- limit = dquot->dq_dqb.dqb_ihardlimit; ++ limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, ++ dquot->dq_dqb.dqb_ihardlimit); + + if (limit && buf->f_files > limit) { + buf->f_files = limit; diff --git a/queue-5.5/f2fs-fix-dcache-lookup-of-casefolded-directories.patch b/queue-5.5/f2fs-fix-dcache-lookup-of-casefolded-directories.patch new file mode 100644 index 00000000000..cade1031586 --- /dev/null +++ b/queue-5.5/f2fs-fix-dcache-lookup-of-casefolded-directories.patch @@ -0,0 +1,35 @@ +From 5515eae647426169e4b7969271fb207881eba7f6 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 23 Jan 2020 20:15:48 -0800 +Subject: f2fs: fix dcache lookup of !casefolded directories + +From: Eric Biggers + +commit 5515eae647426169e4b7969271fb207881eba7f6 upstream. + +Do the name comparison for non-casefolded directories correctly. + +This is analogous to ext4's commit 66883da1eee8 ("ext4: fix dcache +lookup of !casefolded directories"). + +Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups") +Cc: # v5.4+ +Signed-off-by: Eric Biggers +Signed-off-by: Jaegeuk Kim +Signed-off-by: Greg Kroah-Hartman + +--- + fs/f2fs/dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/f2fs/dir.c ++++ b/fs/f2fs/dir.c +@@ -1073,7 +1073,7 @@ static int f2fs_d_compare(const struct d + if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) { + if (len != name->len) + return -1; +- return memcmp(str, name, len); ++ return memcmp(str, name->name, len); + } + + return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false); diff --git a/queue-5.5/f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch b/queue-5.5/f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch new file mode 100644 index 00000000000..3062b21debc --- /dev/null +++ b/queue-5.5/f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch @@ -0,0 +1,33 @@ +From acdf2172172a511f97fa21ed0ee7609a6d3b3a07 Mon Sep 17 00:00:00 2001 +From: Chengguang Xu +Date: Sat, 4 Jan 2020 22:20:03 +0800 +Subject: f2fs: fix miscounted block limit in f2fs_statfs_project() + +From: Chengguang Xu + +commit acdf2172172a511f97fa21ed0ee7609a6d3b3a07 upstream. + +statfs calculates Total/Used/Avail disk space in block unit, +so we should translate soft/hard prjquota limit to block unit +as well. + +Below testing result shows the block/inode numbers of +Total/Used/Avail from df command are all correct afer +applying this patch. + +[root@localhost quota-tools]\# ./repquota -P /dev/sdb1 +--- + fs/f2fs/super.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -1219,6 +1219,8 @@ static int f2fs_statfs_project(struct su + if (dquot->dq_dqb.dqb_bhardlimit && + (!limit || dquot->dq_dqb.dqb_bhardlimit < limit)) + limit = dquot->dq_dqb.dqb_bhardlimit; ++ if (limit) ++ limit >>= sb->s_blocksize_bits; + + if (limit && buf->f_blocks > limit) { + curblock = dquot->dq_dqb.dqb_curspace >> sb->s_blocksize_bits; diff --git a/queue-5.5/f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch b/queue-5.5/f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch new file mode 100644 index 00000000000..feafb85b655 --- /dev/null +++ b/queue-5.5/f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch @@ -0,0 +1,82 @@ +From 80f2388afa6ef985f9c5c228e36705c4d4db4756 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 23 Jan 2020 20:15:49 -0800 +Subject: f2fs: fix race conditions in ->d_compare() and ->d_hash() + +From: Eric Biggers + +commit 80f2388afa6ef985f9c5c228e36705c4d4db4756 upstream. + +Since ->d_compare() and ->d_hash() can be called in RCU-walk mode, +->d_parent and ->d_inode can be concurrently modified, and in +particular, ->d_inode may be changed to NULL. For f2fs_d_hash() this +resulted in a reproducible NULL dereference if a lookup is done in a +directory being deleted, e.g. with: + + int main() + { + if (fork()) { + for (;;) { + mkdir("subdir", 0700); + rmdir("subdir"); + } + } else { + for (;;) + access("subdir/file", 0); + } + } + +... or by running the 't_encrypted_d_revalidate' program from xfstests. +Both repros work in any directory on a filesystem with the encoding +feature, even if the directory doesn't actually have the casefold flag. + +I couldn't reproduce a crash in f2fs_d_compare(), but it appears that a +similar crash is possible there. + +Fix these bugs by reading ->d_parent and ->d_inode using READ_ONCE() and +falling back to the case sensitive behavior if the inode is NULL. + +Reported-by: Al Viro +Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups") +Cc: # v5.4+ +Signed-off-by: Eric Biggers +Signed-off-by: Jaegeuk Kim +Signed-off-by: Greg Kroah-Hartman + +--- + fs/f2fs/dir.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/fs/f2fs/dir.c ++++ b/fs/f2fs/dir.c +@@ -1069,24 +1069,27 @@ static int f2fs_d_compare(const struct d + const char *str, const struct qstr *name) + { + struct qstr qstr = {.name = str, .len = len }; ++ const struct dentry *parent = READ_ONCE(dentry->d_parent); ++ const struct inode *inode = READ_ONCE(parent->d_inode); + +- if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) { ++ if (!inode || !IS_CASEFOLDED(inode)) { + if (len != name->len) + return -1; + return memcmp(str, name->name, len); + } + +- return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false); ++ return f2fs_ci_compare(inode, name, &qstr, false); + } + + static int f2fs_d_hash(const struct dentry *dentry, struct qstr *str) + { + struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb); + const struct unicode_map *um = sbi->s_encoding; ++ const struct inode *inode = READ_ONCE(dentry->d_inode); + unsigned char *norm; + int len, ret = 0; + +- if (!IS_CASEFOLDED(dentry->d_inode)) ++ if (!inode || !IS_CASEFOLDED(inode)) + return 0; + + norm = f2fs_kmalloc(sbi, PATH_MAX, GFP_ATOMIC); diff --git a/queue-5.5/ovl-fix-lseek-overflow-on-32bit.patch b/queue-5.5/ovl-fix-lseek-overflow-on-32bit.patch new file mode 100644 index 00000000000..953424294eb --- /dev/null +++ b/queue-5.5/ovl-fix-lseek-overflow-on-32bit.patch @@ -0,0 +1,35 @@ +From a4ac9d45c0cd14a2adc872186431c79804b77dbf Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Mon, 3 Feb 2020 11:41:53 +0100 +Subject: ovl: fix lseek overflow on 32bit + +From: Miklos Szeredi + +commit a4ac9d45c0cd14a2adc872186431c79804b77dbf upstream. + +ovl_lseek() is using ssize_t to return the value from vfs_llseek(). On a +32-bit kernel ssize_t is a 32-bit signed int, which overflows above 2 GB. + +Assign the return value of vfs_llseek() to loff_t to fix this. + +Reported-by: Boris Gjenero +Fixes: 9e46b840c705 ("ovl: support stacked SEEK_HOLE/SEEK_DATA") +Cc: # v4.19 +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/overlayfs/file.c ++++ b/fs/overlayfs/file.c +@@ -146,7 +146,7 @@ static loff_t ovl_llseek(struct file *fi + struct inode *inode = file_inode(file); + struct fd real; + const struct cred *old_cred; +- ssize_t ret; ++ loff_t ret; + + /* + * The two special cases below do not need to involve real fs, diff --git a/queue-5.5/ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch b/queue-5.5/ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch new file mode 100644 index 00000000000..bc4078f11e8 --- /dev/null +++ b/queue-5.5/ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch @@ -0,0 +1,43 @@ +From 4c37e71b713ecffe81f8e6273c6835e54306d412 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Sun, 22 Dec 2019 22:47:54 +0200 +Subject: ovl: fix wrong WARN_ON() in ovl_cache_update_ino() + +From: Amir Goldstein + +commit 4c37e71b713ecffe81f8e6273c6835e54306d412 upstream. + +The WARN_ON() that child entry is always on overlay st_dev became wrong +when we allowed this function to update d_ino in non-samefs setup with xino +enabled. + +It is not true in case of xino bits overflow on a non-dir inode. Leave the +WARN_ON() only for directories, where assertion is still true. + +Fixes: adbf4f7ea834 ("ovl: consistent d_ino for non-samefs with xino") +Cc: # v4.17+ +Signed-off-by: Amir Goldstein +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/readdir.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/fs/overlayfs/readdir.c ++++ b/fs/overlayfs/readdir.c +@@ -504,7 +504,13 @@ get: + if (err) + goto fail; + +- WARN_ON_ONCE(dir->d_sb->s_dev != stat.dev); ++ /* ++ * Directory inode is always on overlay st_dev. ++ * Non-dir with ovl_same_dev() could be on pseudo st_dev in case ++ * of xino bits overflow. ++ */ ++ WARN_ON_ONCE(S_ISDIR(stat.mode) && ++ dir->d_sb->s_dev != stat.dev); + ino = stat.ino; + } else if (xinobits && !OVL_TYPE_UPPER(type)) { + ino = ovl_remap_lower_ino(ino, xinobits, diff --git a/queue-5.5/series b/queue-5.5/series index 0a04182e1cd..2286774de27 100644 --- a/queue-5.5/series +++ b/queue-5.5/series @@ -127,3 +127,9 @@ scsi-qla2xxx-fix-mtcp-dump-collection-failure.patch cpupower-revert-library-abi-changes-from-commit-ae2917093fb60bdc1ed3e.patch power-supply-axp20x_ac_power-fix-reporting-online-status.patch power-supply-ltc2941-battery-gauge-fix-use-after-free.patch +ovl-fix-wrong-warn_on-in-ovl_cache_update_ino.patch +ovl-fix-lseek-overflow-on-32bit.patch +f2fs-fix-miscounted-block-limit-in-f2fs_statfs_project.patch +f2fs-code-cleanup-for-f2fs_statfs_project.patch +f2fs-fix-dcache-lookup-of-casefolded-directories.patch +f2fs-fix-race-conditions-in-d_compare-and-d_hash.patch